Security patch re-released for Excel 2003

A calculation-error bug in Microsoft Office Excel 2003, which was acknowledged by Microsoft last Friday, has been resolved with a security update.

Microsoft Security Response Center (MSRC) blogger Tim Rains pointed to an updated security bulletin, MS080-014, dated March 19. The bulletin had originally been issued on March 11 during the Patch Tuesday update cycle, with the aim of addressing four "critical" fixes in Microsoft products, including a remote code execution flaw in Excel 2003.

The revised bulletin MS080-014 points readers to an updated security update 943985 (buried in MS080-014's FAQ), which resolves the Excel 2003 calculation error. The 943985 security update states the following under "Resolution":

"Microsoft has completed research about this issue and has re-released security update 943985 for users of Microsoft Office Excel 2003 Service Pack 2 and of Microsoft Office Excel 2003 Service Pack 3."

This re-released Excel 2003 security fix also will be offered to users through Microsoft's Automatic Updates.

Rains explained that the Excel calculation error was associated with the use of real-time data in Excel, based on a "user-created Visual Basic for Applications solution." Such a setup returned an incorrect zero result after the initial Excel 2003 security patch had been applied.

The problem tended to affect "on-the-go finance types," according to expert opinion, and affected users tended to have "a custom-built VBA function" in place, Rains said.

This article was originally published March 21 on RedmondMag.com, an affiliate Website of GCN.com.